John Almberg wrote:
2008-01-14 09:30:37.074087500 rblsmtpd: pid 72121: 451

Just one comment, in my installation of SpamAssassin, it reports in
syslog as spamd, not at rblsmtpd. This looks like logs from the
rblsmtpd program that is not SpamAssasin.

As some one mentionned, one way to prevent false positive and too
agressive black lists is to use them through SpamAssassin only, where
the black list score is only part of the spaminess. The draw back is
that it puts more load the server and SpamAssassin that has to
scrutinize every email, while dropping at the SMTP level is fast and
uses very low resources.

Ah... I see. Yes, you are correct. It is rblsmtpd that is doing the filtering.

One of my goals with this mail server set up (primarily pf, qmail, spamassassin, maildrop, courier) was to minimize processing, since my last set up got totally bogged down handling my, and my client's email, frequently running with a load of 8 or more with several spam per second. A real drag.

This set up runs at a much lower load, and seems to do a better job filtering spam.
Since you're already using PF, why not use OpenBSD spamd (not spamassassin) as well? You don't need rblsmtpd then, and OpenBSD spamd operates together with PF. Maybe rblsmtpd does as well, I don't know - I never tried it. Also in combination with relaydb to create your own blacklists it can be pretty interesting. Check out for additional info.

Anyway, to go a little more on the background about blacklists; we were troubled by a lot of "false positive" entries in the blacklists (we use uatraps and nixspam, and spamassassin checks on blacklists like spamhaus since they only allow DNS queries if you don't want to pay). We had big ISPs blacklisted, and seeing at the amount of mailservers they have you don't want to check all of that by hand. And I'm sure somebody else noticed Gmail's awkward way of handling outgoing e-mail. They apparently have one global mail queue or something and try another mail server (of the hundereds they have) when the delivery fails once - a horrible situation for greylisting.

So what we did is create a Perl script that checks every blacklisted entry for a PTR record and tried to give an SMTP HELO command. We filter the PTR record on several keywords (like dsl, dynamic, cable, ip address, stuff like that). If a valid PTR record or a valid SMTP HELO reply has been recieved we remove that entry automatically from the blacklist. So you still blacklist the zillions of DSL connection and filter out the big ISPs or other customers. Naturally you will filter some spammers out using this method, but we still have SpamAssassin as a second layer doing a fine job.(And FYI: it picks a random IP address and has a 1 second delay on everything it checks - we don't want to cause a fuss at ISPs with a lot of blacklisted entries). There's more stuff in this script but the point of this e-mail is not a lecture of that :P

Anyway, ever since we put this script into place we got zero complains about blacklists, while still effectively trapping spammers into OpenBSD spamd and keeping them busy.

Quite a story - I hope someone might find this info useful one way or another. As always, YMMV.

- Jorn

-- John

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to